
Commentors on the final California Consumer Privacy Act regulation queried: “Are session cookies a “unique personal identifier?”
The California Attorney General replied: Maybe, depending on the context.
- A “unique personal identifier” is a persistent identifier that can be used to recognize a consumer.
- If a session cookie cannot be used to recognize a consumer, family or device that is linked to a consumer or family, over time and across services, it would not fall within this definition.
- This is fact-specific and contextual and you should consult with an attorney.
This echoes the approach under GDPR.